package com.shux.usermanager.shiro;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import com.shux.usermanager.constant.UserConstant;
import com.shux.utils.constants.Constant;
import com.shux.utils.string.StringUtil;

/**
 **********************************************
 *  描述：对验证码进行校验
 * Simba.Hua
 * 2017年7月2日
 **********************************************
**/
public class UsermanagerShiroAuthenticationFilter extends FormAuthenticationFilter{

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // TODO Auto-generated method stub
        HttpServletRequest httpRequest = (HttpServletRequest)request;
        HttpSession session = httpRequest.getSession();
        String securityCode = (String)session.getAttribute(Constant.SESSION_SECURITY_CODE);
        String code = httpRequest.getParameter("code");
        if(StringUtil.isEmpty(securityCode)){
            httpRequest.setAttribute("shiroLoginFailure", UserConstant.SESSION_CODE_ISNULL);
            return true;
        }else if(!StringUtil.isEmpty(securityCode) && !StringUtil.isEmpty(code) && !securityCode.equalsIgnoreCase(code)){
            httpRequest.setAttribute("shiroLoginFailure", UserConstant.RANDOM_CODE_ERROR);
            return true;
        }
        return super.onAccessDenied(request, response);
    }

}
